Millions of gaming account details are stolen in massive Blizzard hack

  • @bobjwilliams

The account details of millions of online gamers have been stolen in a hack attack on games company Blizzard.

The company, which makes the World Of Warcraft, StarCraft and Diablo franchises posted a message on its website today advising players using North American servers to change their passwords for the account management service.

The compromised data relates to accounts which are used for all of Blizzard's games.

In a posting today the company said: “This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.”

The post goes on to explain that the data that was illegally accessed included a list of email addresses for global users outside of China.

Players on North America servers (which includes users in North America, Latin America, Australia, New Zealand and Southeast Asia), had their security question details hacked as well as information relating to Mobile and Dial-In authentication.

Cryptographically scrambled passwords were also taken.

The company has advised that gamers that play online via North American servers should change their passwords as a precaution.

The company has stressed it would be extremely difficult to access actual passwords using the scrambled data stolen.

They also stressed that no financial data had been accessed, such as credit cards or billing addresses.

Blizzard said that users should be aware of any potential phishing scams that may follow as a consequence of email details being out in the open.

Blizzard Entertainment boss Mike Morhaime said the hack had been discovered on August 4th, and that the company were:  “truly sorry that this has happened”.

The company said it had spent the time since August 4th fixing the vulnerability in their systems and finding out what information had been compromised.

Following the hack the company is likely to face criticism over its decision to make games that require a login via and cannot be played offline.

Despite the loss of passwords and email data Blizzard's use of a Secure Remote Password protocol is likely to have minimised the consequences for users as the system makes it near impossible to brute-force a password, a method hackers use in which a computer attempts every possible key or password until it succeeds.